Skip to content

Type alias: SDKConstructor()

SDKConstructor: (args) => SealdSDK



args.apiURL?: string

The Seald server URL to use.

args.appId: string

The appId given to you by Seald. It is the unique identifier of your application for Seald's servers.


Function that returns an encryption session cache. The cache must have get, set, keys and delete methods. Default to an in-memory Map. The function receives as arguments some values that could be useful (appId, encryptionSessionCacheTTL, dbKey, ...), as well as some helpers (sscrypto, scrypt). This function must never throw, and the methods of the cache itself must never throw either.

args.databaseKey?: string

If you are using a persistent database, the key to encrypt it with. A random string of at least 32 alphanumeric characters, stored by your back-end and given after authentication, is recommended. This will be derived into the actual encryption key.

args.databasePath?: string

If you want to have a persistent database, use this argument. On Node, takes a directory path. On the browser, takes an arbitrary string that will be a localStorage key. If not given, defaults to a memory-only non-persistent database.

args.databaseRawKey?: string

If you are using a persistent database, the raw key to encrypt it with. This MUST be the Base64 string encoding of a cryptographically random buffer of 64 bytes. This avoids deriving the databaseKey with scrypt. If you have any doubt, use databaseKey instead.

args.encryptionSessionCacheCleanupInterval?: number

Interval in milliseconds between auto cleans of the cache. Defaults to Math.max(encryptionSessionCacheTTL, 10000), which means equal to encryptionSessionCacheTTL with a minimum of 10s. Set to 0 to force default. Set to -1 to disable automatic cleanup.

args.encryptionSessionCacheTTL?: number

Duration of cache lifetime in milliseconds. -1 to cache for lifetime. Default to 0 (no cache).


To manually pass an RSA key generation implementation to override the current SDK's default implementation. Must take a key size in bits, and return a string corresponding to an export of the private key in base64 using ASN.1 syntax with DER encoding wrapped in a PKCS#8 enveloppe as per RFC 5958, and encoded per PKCS#1 v2.2 specification. To force using SSCrypto key generation, pass null. For advanced use only.

args.hairlessURL?: string

The Seald URL to use for documents for non-Seald users. Only change it if asked to by the Seald team.

args.keySize?: 1024 | 2048 | 4096

Change the Asymmetric key size for newly generated keys. Defaults to 4096. Warning: for security, it is extremely not recommended to lower this value. For advanced use only.

args.nedbClient?: NedbClient

To manually pass a follicle database client instance to the SDK. For advanced use only.

args.plugins?: SDKPlugin[]

Array of plugins to add to this SDK instance.

args.scrypt?: SCrypt

To manually pass an SCrypt implementation to override the current SDK's default implementation. Must take a Buffer for password, another Buffer for salt, derive them with SCrypt with parameters N=16384, r=8, p=1, an output length of 64 bytes, and return the output as a binary Buffer. For advanced use only.

args.shouldWaterfallApi?: boolean

Should all requests to Seald's servers be serialized. Safer, but may be a bit slower. Defaults to false.

args.sscrypto?: SSCrypto

To manually pass an SSCrypto implementation to override the current SDK's default implementation. For advanced use only.